wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix scan-build warning and simplify CheckOcspRequest validation

Browse Source
This commit is contained in:
toddouska
2017-01-27 17:07:31 -08:00
parent f44bbe9ba3
commit a10d464126
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/ocsp.c
View File

@@ -244,6 +244,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
return ret; return ret;
} }
/* 0 on success */
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
buffer* responseBuffer) buffer* responseBuffer)
{ {
@@ -256,6 +257,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
const char* url = NULL; const char* url = NULL;
int urlSz = 0; int urlSz = 0;
int ret = -1; int ret = -1;
int validated = 0; /* ocsp validation flag */
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
CertStatus* newStatus; CertStatus* newStatus;
@@ -323,9 +325,6 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
if (requestSz > 0 && ocsp->cm->ocspIOCb) { if (requestSz > 0 && ocsp->cm->ocspIOCb) {
responseSz = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz, responseSz = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
request, requestSz, &response); request, requestSz, &response);
if (responseSz < 0) {
ret = responseSz; /* because ret was used for multiple purposes */
}
} }
if (responseSz >= 0 && response) { if (responseSz >= 0 && response) {
@@ -333,15 +332,12 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
InitOcspResponse(ocspResponse, newStatus, response, responseSz); InitOcspResponse(ocspResponse, newStatus, response, responseSz);
if (OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap) != 0) { if (OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap) != 0) {
ret = OCSP_LOOKUP_FAIL;
WOLFSSL_MSG("OcspResponseDecode failed"); WOLFSSL_MSG("OcspResponseDecode failed");
} }
else if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) { else if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) {
ret = OCSP_LOOKUP_FAIL;
WOLFSSL_MSG("OcspResponse status bad"); WOLFSSL_MSG("OcspResponse status bad");
} }
else { else {
ret = OCSP_LOOKUP_FAIL; /* make sure in fail state */
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) { if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
if (responseBuffer) { if (responseBuffer) {
responseBuffer->buffer = (byte*)XMALLOC(responseSz, responseBuffer->buffer = (byte*)XMALLOC(responseSz,
@@ -355,6 +351,9 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
/* only way to get to good state */ /* only way to get to good state */
ret = xstat2err(ocspResponse->status->status); ret = xstat2err(ocspResponse->status->status);
if (ret == 0) {
validated = 1;
}
if (wc_LockMutex(&ocsp->ocspLock) != 0) if (wc_LockMutex(&ocsp->ocspLock) != 0)
ret = BAD_MUTEX_E; ret = BAD_MUTEX_E;
@@ -396,12 +395,8 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
wc_UnLockMutex(&ocsp->ocspLock); wc_UnLockMutex(&ocsp->ocspLock);
} }
} }
else
ret = OCSP_LOOKUP_FAIL;
} }
} }
else
ret = OCSP_LOOKUP_FAIL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -411,6 +406,12 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
if (response != NULL && ocsp->cm->ocspRespFreeCb) if (response != NULL && ocsp->cm->ocspRespFreeCb)
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response); ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response);
if (ret == 0 && validated == 1) {
ret = 0;
} else {
ret = OCSP_LOOKUP_FAIL;
}
WOLFSSL_LEAVE("CheckOcspRequest", ret); WOLFSSL_LEAVE("CheckOcspRequest", ret);
return ret; return ret;
} }